Skip to main content
AAtlas
See a live renewal
Legal

Business Associate Agreement

Atlas is a HIPAA Business Associate when customers process PHI through our platform. We execute a BAA before production PHI access. Current template is available on request.

What we can tell you today
  • Our BAA follows the HHS model and includes breach notification within 60 days of discovery (Atlas targets 24 hours in practice).
  • Permitted uses of PHI limited to providing the services to the customer. No use for secondary purposes, research, or model training.
  • Minimum-necessary access enforced technically via role-based access control and audit logging.
  • All subprocessors that touch PHI have executed downstream BAAs with Atlas.
  • Return or destruction of PHI on termination, with customer's choice of export format.
Ben Admin, EDI, HRIS, and Billing Recon modules process PHI. Platform surfaces (CRM, Broker Comp, Marketing) typically do not — scope covered per-module on the executed BAA.
For the current draft or to start a review
security@velora.com
Back to Atlas